import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from "@nestjs/common";
import { AUTH_ADMIN_META_KEY, ENUM_AUTH_STATUS_CODE_ERROR } from "src/auth/auth.constant";
import { Reflector } from "@nestjs/core";
import { DebuggerService } from "src/debugger/service/debugger.service";
import { UserRole } from "src/modules/user/user.interface";

@Injectable()
export class AuthPayloadAdminGuard implements CanActivate {
  constructor(private readonly debuggerService: DebuggerService, private reflector: Reflector) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const roles: UserRole[] = this.reflector.getAllAndOverride<UserRole[]>(AUTH_ADMIN_META_KEY, [context.getHandler(), context.getClass()]);

    if (!roles) {
      return true;
    }

    const { user } = context.switchToHttp().getRequest();
    if (!roles.includes(user.role)) {
      this.debuggerService.error("Auth active error", "AuthActiveGuard", "canActivate");

      throw new ForbiddenException({
        statusCode: ENUM_AUTH_STATUS_CODE_ERROR.AUTH_GUARD_ADMIN_ERROR,
        message: "auth.error.admin",
      });
    }
    return true;
  }
}
